7 files changed, 158 insertions, 4 deletions

diff --git a/contrib/gate/Dockerfile b/contrib/gate/Dockerfile
index d1e0b967b..2a904a202 100644
--- a/contrib/gate/Dockerfile
+++ b/contrib/gate/Dockerfile
@@ -1,6 +1,5 @@
-FROM fedora:30
+FROM fedora:31
 RUN dnf -y install \
-      atomic-registries \
       btrfs-progs-devel \
       bzip2 \
       container-selinux \
@@ -46,7 +45,6 @@ WORKDIR $GOSRC
 
 # Install dependencies
 RUN set -x && \
-    make install.tools && \
     install -D -m 755 $GOSRC/contrib/gate/entrypoint.sh /usr/local/bin/ && \
     python3 -m pip install pre-commit && \
     rm -rf "$GOSRC"
diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in
index 31e94fa80..25c70c392 100644
--- a/contrib/spec/podman.spec.in
+++ b/contrib/spec/podman.spec.in
@@ -19,7 +19,7 @@
 %endif
 
 # %if ! 0% {?gobuild:1}
-%define gobuild(o:) go build -tags="$BUILDTAGS" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|of -An -tx1|tr -d ' \\n')" -a -v -x %{?**};
+%define gobuild(o:) go build -tags="$BUILDTAGS" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**};
 #% endif
 
 # libpod hack directory
diff --git a/contrib/systemd/README.md b/contrib/systemd/README.md
new file mode 100644
index 000000000..20f11467a
--- /dev/null
+++ b/contrib/systemd/README.md
@@ -0,0 +1,102 @@
+# Setting up Podman service for systemd socket activation
+
+## system-wide (podman service run as root)
+
+The following unit file examples assume:
+ 1. copied the `service` executable into `/usr/local/bin`
+ 1. `chcon system_u:object_r:container_runtime_exec_t:s0 /usr/local/bin/service`
+ 
+then:
+ 1. copy the `podman.service` and `podman.socket` files into `/etc/systemd/system`
+ 1. `systemctl daemon-reload`
+ 1. `systemctl enable podman.socket`
+ 1. `systemctl start podman.socket`
+ 1. `systemctl status podman.socket podman.service`
+ 
+Assuming the status messages show no errors, the libpod service is ready to respond to the APIv2 on the unix domain socket `/run/podman/podman.sock` 
+
+### podman.service
+```toml
+[Unit]
+Description=Podman API Service
+Requires=podman.socket
+After=podman.socket
+Documentation=man:podman-api(1)
+StartLimitIntervalSec=0
+
+[Service]
+Type=oneshot
+Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf
+ExecStart=/usr/local/bin/service
+TimeoutStopSec=30
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
+Also=podman.socket
+```
+### podman.socket
+
+```toml
+[Unit]
+Description=Podman API Socket
+Documentation=man:podman-api(1)
+
+[Socket]
+ListenStream=%t/podman/podman.sock
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target
+```
+## user (podman service run as given user aka "rootless")
+
+The following unit file examples assume:
+ 1. you have a created a directory `~/bin`
+ 1. copied the `service` executable into `~/bin`
+ 1. `chcon system_u:object_r:container_runtime_exec_t:s0 ~/bin/service`
+ 
+then:
+ 1. `mkdir -p ~/.config/systemd/user`
+ 1. copy the `podman.service` and `podman.socket` files into `~/.config/systemd/user`
+ 1. `systemctl --user enable podman.socket`
+ 1. `systemctl --user start podman.socket`
+ 1. `systemctl --user status podman.socket podman.service`
+ 
+Assuming the status messages show no errors, the libpod service is ready to respond to the APIv2 on the unix domain socket `/run/user/$(id -u)/podman/podman.sock` 
+
+### podman.service
+
+```toml
+[Unit]
+Description=Podman API Service
+Requires=podman.socket
+After=podman.socket
+Documentation=man:podman-api(1)
+StartLimitIntervalSec=0
+
+[Service]
+Type=oneshot
+Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf
+ExecStart=%h/bin/service
+TimeoutStopSec=30
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
+Also=podman.socket
+```
+### podman.socket
+
+```toml
+[Unit]
+Description=Podman API Socket
+Documentation=man:podman-api(1)
+
+[Socket]
+ListenStream=%t/podman/podman.sock
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target
+```
diff --git a/contrib/systemd/system/podman.service b/contrib/systemd/system/podman.service
new file mode 100644
index 000000000..13d858627
--- /dev/null
+++ b/contrib/systemd/system/podman.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Podman API Service
+Requires=podman.socket
+After=podman.socket
+Documentation=man:podman-api(1)
+StartLimitIntervalSec=0
+
+[Service]
+Type=oneshot
+Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf
+ExecStart=/usr/local/bin/service
+TimeoutStopSec=30
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
+Also=podman.socket
diff --git a/contrib/systemd/system/podman.socket b/contrib/systemd/system/podman.socket
new file mode 100644
index 000000000..8b22e31e4
--- /dev/null
+++ b/contrib/systemd/system/podman.socket
@@ -0,0 +1,10 @@
+[Unit]
+Description=Podman API Socket
+Documentation=man:podman-api(1)
+
+[Socket]
+ListenStream=%t/podman/podman.sock
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target
diff --git a/contrib/systemd/user/podman.service b/contrib/systemd/user/podman.service
new file mode 100644
index 000000000..81fa55cf8
--- /dev/null
+++ b/contrib/systemd/user/podman.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Podman API Service
+Requires=podman.socket
+After=podman.socket
+Documentation=man:podman-api(1)
+StartLimitIntervalSec=0
+
+[Service]
+Type=oneshot
+Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf
+ExecStart=%h/bin/service
+TimeoutStopSec=30
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
+Also=podman.socket
diff --git a/contrib/systemd/user/podman.socket b/contrib/systemd/user/podman.socket
new file mode 100644
index 000000000..8b22e31e4
--- /dev/null
+++ b/contrib/systemd/user/podman.socket
@@ -0,0 +1,10 @@
+[Unit]
+Description=Podman API Socket
+Documentation=man:podman-api(1)
+
+[Socket]
+ListenStream=%t/podman/podman.sock
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target